Introduction

It might not be a common scenario, but anyway it happens - and you know how it is. Personally, I have two email accounts, lots of sites where I've registered, and much, much more. Time went by...

...And suddenly the amount of information to be remembered (the attempt in itself was completely unjustified) has reached some level when I had several mutually exclusive options:

Forget everything - probably the easiest option, which, however, could cause a nervous breakdown or something...

Write as much as I could remember on a noticeable orange (yellow, red...) piece of paper and hide it somewhere in a hope that I won't forget where I put it.

Write all passwords and stuff in a Notepad file and either have it stolen or, according to Murphy's law, forget about it and remember only after pressing Enter in a format c: magic spell.

Download some program. The easiest option, but for some reason (I admit that I didn't spend weeks searching for a a. Simple, b. Freeware and c. Secure program), I chose a somewhat different option, which is...

Write my own password manager.

Of course, there must have been some great programs (hmmm...) doing the same job, but it was just quite interesting to write my own password manager for personal use (I actually haven't initially thought of posting it on The CodeProject), so here are the results of my work.

Background

In the beginning, I've spent some time looking for a suitable encryption algorithm (at that time, I didn't even suppose that I'll also need a hashing algorithm - lack of planning and stuff...). I decided in favor of RC5 - a symmetric block cipher, which was said to be fast and secure. Initially, I wanted to write some kind of CRC5 class but (mostly for the hell of it) I decided to turn it into a separate fancy-looking DLL with some kind of API (contexts, handles and so on...). Then I started to think about how the program itself will look like. The idea of storing User name and Master password in the password storage itself seemed perfidious, so I understood that some hashing algorithm is required and I fixed upon MD5, invented by the tireless Professor Ronald R. Rivest. As with RC5, a simple CMD5 class turned into a standalone DLL. So here's what I decided to implement.

Store a <User Name> + <Master Password> hash in a password storage and compare with the hash of <User Name> + <Master Password> entered when attempting to open a storage.

When loaded, all sensitive information remains encrypted until it is shown on the screen.

The Code

A few notes about the code and my style (in case anybody's interested). The core code is pretty straightforward and (hopefully) well commented - again, I originally had no intention to post it or whatever. It compiles clearly under Warning level 4 - well, except for the stupid C4786 warning with compiler choking on long names, but Release version should compile perfectly. I had no possibility (or maybe I felt too lazy) to test the program on platforms different from Windows 2000, and I think there are a few notes to be held in mind if you would like to launch it under, say, Windows 9x.

The IDC_HAND resource (a cursor - see StaticHyperLinkEx.cpp) is, according to MSDN, a stock resource only for Windows 2000 and above, so take this into account - you might need to import some suitable cursor or something.

Furthermore, SS_ENDELLIPSIS style for static controls will work under Windows 9x - it is for Windows NT and later, so this code:

should be either removed or altered somehow. And PathCompactPathEx() requires Internet Explorer 4.0 for all platforms.

For some (obscure?) reason, usual User Interface Update stuff doesn't seem to be working in dialog-based applications, so I had to do menu items switching by calling SwitchMenu() and passing some flags.

I wonder why Tree View does not support Drag-n-Drop natively - it was hell of a job to decipher the poorly written SDK documentation in order to implement this stuff.

And a few words about problems and "not-yet-implemented" things (except for the things above):

Some flickering when either switching from Element to Element or switching from Hide Password to Show Password mode or vice versa. This is because of switching controls on and off, and I hope to fix it soon.

Somehow inconvenient Password Generator as you have to move your mouse to generate a password - but on the other hand, it is not that bad...

Unicode support hasn't been tested properly.

Results

This section is more likely to be a feature list, but it is pretty much the same, I guess. So this is what we have for the moment:

Fairly fast and lightweight program. The throughput of the cipher is the same for all key lengths less than 832 bits, so there are no performance reasons for choosing shorter keys.

Reasonable level of security. For the time being, I saw no reviews or whatever about successful crypto-analysis of RC5. I can't say the same thing for MD5 as B. den Boer and A. Bosselaers succeeded in discovering collisions in this hashing algorithm (see "Collisions for the Compression Function of MD5" for detail), but this fact doesn't affect the overall security level.

Native file format. This allows to do some shell-related tricks like opening storage by double-clicking... well, you know how it is.

User's files hashing. This feature can be used to hash some users' files (or messages) to monitor their consistency and integrity.

Password generator. This is not a huge novelty, but nevertheless it is quite a handy feature.

Easy to use. Every function is clearly visible in the interface. Context menus in a tree control might not be so obvious, but they do exist (as well as hyperlinks within dialogs).

Password security. Not an obvious notion, but the idea is quite simple. Security level can be greatly compromised by exposing the exact length of your passwords, so if you have, say, 6 characters in your password and you're in a Hide Password mode, the program displays 10 asterisks all the time.

Some kind of Intelligent Context Menus (a fancy name, isn't it ;) ?). Menu items are not just switched on or off - instead, I'm loading totally different menus (with more convenient layout) when right-clicking on various parts of the tree to the left.

Hot keys. Each element can be assigned a hot key, so password of the respective element is transferred directly to the currently focused window, but it is somewhat superseded with SmartType.

Rated items. All items (both Categories and Elements) can be rated according to their importance.

Shell extension. Provides a tool-tip with information about storage version and key size. Mostly for fun...

XML Export. Just exports password storage to XML file. I'm now studying XSLT in order to create some fancy transformation.

SmartType. The most interesting thing (at least I think so). By pressing a defined hot key, password and login are automatically transferred to a focused window without any hassle.

Here are a few more points in case anybody's interested (these are taken directly from Options dialog):

Maintains File Associations

Minimizes to Tray

Create Backup Before Saving

Auto Save on Exit

Shell Open as Read Only

Reload Last Storage

Reload as Read Only

SmartType

Automatic Sorting

Clipboard Erasing

Feedback

Should you encounter any bugs or have any ideas - email me. All suggestions are greatly appreciated.

History

1.8 Build 1482 (5 March 2005)

This is mostly for developers - added a new Project configuration (release with MFC statically linked) - inspired by alens.

New executable (for those who don't have VS2003 installed) - somewhat bigger than the first one - here it is, gixxer600.

Added Installer (thanks to Jordan Russell for InnoSetup).

1.8 Build 1482 (15 August 2004)

MD5 Hash Generator is now fully RFC-compliant (thanks to Robin Schive for inspiration).

Address field is hyperlinked.

Icons are now in a separate DLL, so one can build a new one (thanks to Robin Schive and many others).

1.7 Build 1421 (15 July 2004)

Removed the useless button on the main dialog - it looked truly awful under Windows XP.

Ported to Visual C++ 2003 and there will be no further Visual C++ 6 versions.

A few more points I can't really recall :)

1.7 Build 1372 (24 June 2004)

Storages can now be opened in Read-Only mode.

Backing up previous storage.

A few new options.

Saves settings to XML files.

"Copy" command now works in all fields (quite a popular request).

1.5 Build 1156 (8 May 2004)

SmartType feature (partly inspired by Garth J Lancaster).

Export To XML is possible.

A few UI fixes/improvements.

1.4 Build 867 (24 April 2004)

Shell extension which displays Storage Version and Key Size in tooltip (thanks to Michael Dunn for a series of great articles).

Items can be Rated according to their importance (somewhat inspired by Orcrist).

Items can be Sorted (both Categories and Elements).

And finally, they can be Auto-sorted when adding.

1.2 Build 720 (19 April 2004)

Fixed a bug in User's file hashing.

Enter works as it has to in all "Notes" and "Descriptions" (thanks to zijan).

1.1 Build 713 (11 April 2004)

"Minimize to tray " feature added.

"Reload last storage on exit" feature added.

"Auto-save storage on exit" is possible.

Hot keys can be assigned to transfer passwords directly to destination windows.

Storage options can be set up.

File associations are maintained directly by the program.

1.0 Build 521 (4 April 2004) - Initial release.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

today my password storage file got corrupted I'm using Exile 1.8 build 1482. After pasting a rather long text to the notes textbox navigation in the treeview was faulty: sometimes the right pane showed the item selected in the treeview and sometimes it didn't (just didn't refresh as if I hadn't changed the selection in the treeview). I then thought it'd be a good idea to save my changes and restart Exile. Unfortunately Exile then just hung on startup (I've set Reload Last Storage to Yes). Meanwhile I've restored a fairly currend version of my pws-file from a backup and Exile is happy again (and so am I ).

A few suggestions though:(1) In the app's main window I can't copy a password using the textbox's context menu.How about a button next to the login and password textboxes to copy their content?How about assigning a hotkey to these functions (Ctrl+L copy login, Ctrl+P copy password)

(2)Focus on the the TreeView the hotkey Alt+E inserts a new element. This interferes with accessing the Edit-menu (Alt+E, too).

(3) I'd like to access the password generator from the 'Edit Element' dialog. Possibly a button next to the password textbox?

Thanks for comments!I completely agree with you on points 1, 2 and 4 (item 4 is kind of "known bug", but I never got round to fixing it ).As for point 3, there is a hyperlink in the "Edit Element" dialog. Try clicking it - there is a "Generate Password" option in the menu that pops up.And thanks for issue 5.By the way, can you come up with more "clever" and English-like names for what is currently "Category" and "Element"? Thanks in advance!

Thanks for your answer - especially the hint for (3) Sl0n wrote:...can you come up with more "clever" and English-like names for what is currently "Category" and "Element"?Well, I'm not a native English speaker, so I'm not sure about 'more English-like names'. What do you think of 'Item' and 'Folder' or 'Group'?

Exile is built with VS7.1 (that is, 2003) and therefore uses MFC 7.1 (and a few features, specific to later versions of Windows, for that matter). So if you really want Exile to run, make me know - I'll either rebuild the whole thing with MFC statically linked, or will just provide a few DLLs.

That would be awsome. I do have 1.7 installed at the moment. Honestly Im not sure what MFC is, Im just an amauter webmaster who luvs .net web apps. If you provided the .dlls would all I have to do is just copy the file & overwright the existing 1.7 files?

Thanks for replying back, much appreciated & like I said luv Exile, keep up the awsome work!!

But I have following problem: when I want to build with MFC staticly linked ("Use MFC in a Static Library" instead of "Use MFC in a Shared DLL") I get these two errors:(1) exile_src\Exile\hyperlink.cpp(12): error C2039: 'classCReadonlyEdit' : is not a member of 'CReadonlyEdit'(2) exile_src\Exile\hyperlink.cpp(12): error C2065: 'classCReadonlyEdit' : undeclared identifierIs there a solution or do I have to install VS.NET on every computer that would use Exile?

Sorry for not responding for so long. This problem is solved in this update (which didn't change the version number, actually). You have to add DECLARE_DYNAMIC(CReadonlyEdit); to ReadonlyEdit.h (to public secion) and IMPLEMENT_DYNAMIC(CReadonlyEdit, CEdit) line in cpp file right above the constructor.

Whoa! That's a bunch of suggestions . But I'm not sure I understood you correctly with that "extended Insert Category" thing, so could you please shed some light upon that .As for new Category Types - yes, I've been thinking about it for a while and decided to make them as flexible as possible by implementing those, as I see them, Layout Providers, as COM objects... Anyway, got them on my todo list.Thanks for suggestions!

By entended category I merely mean to say that you can support Credit Cards and bank cards as well. When the user right clicks and selects "New Element", maybe he/she can be asked its type for "Web Logons, Credit Card or Bank Card" and then provide the appropriate add element controls.Hope this is clearer, Again, great app, love it.ThanksRockJongleur

Anonymous wrote:Check to see if the Address field is populated with a web address. If so, it will open up a browser window to that location by clicking on it.

Yep. I've been thinking about it. I also thought about some formatting flags such as, say, %password, %login, etc. but I'm not sure if anyone will ever use them since it is not a good idea to transfer passwords/logins over the net as plain text. But who knows ...

Anonymous wrote:More icons! I was hoping to find an icon DLL of some sorts... any shot of moving the icons to their own DLL which can be customized?

Quite a popular request, I think . I'm still sort of researching this problem and I hope I'll find a solution for the next release.Thanks for the feedback!

I've done the following for an element thru the Edit Context menu item:1) Set a userid/password to my codeproject id and password.2) Set the address to: 'http://www.codeproject.com'3) Set the hotkey to: 'Cntl + X'

I've done these for the Advance Edit menu item:1) Set the target window title to: 'The Code Project - Free Source Code and Tutorials - Mozilla Firefox'2) checked 'Enable SmartType'3) I've been dragging the magnifying glass icon for userid and password fields to the Email/Password textboxes, but I just get 0. 4) So I've tried manually setting each to 1, 2, or 3 without success.

I've set the following options under Edit/Options menu item:1) Enable SmartType to 'Yes'2) Set SmartType invocation key to Cntl Z

To test it I've gone to www.codepage.com and try combinations of Cntl+Z and Cntl+X. What am I doing wrong? I'm not clear as to what the difference is between the SmartType invocation key and the individual hotkey assigned to the CodePage element. This would really be great if I can get it to work.